Hello again,

I have a router/nat linux box. I managed to create some HTB classes and everything is OK.
When people are using download managers like FlashGet and DAP (multiple connection ones), the ceil limiting works okay, but the rate parameter is somehow useless... The guaranteed bandwidth is never reached.

So what can I do to limit the number of connections/computer?
I want to make sure that they do not use more than one connection for the download manager.

Thanks in advance

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

On Monday 22 September 2003 21:21, Mihai Vlad wrote:
> Hello again,
> I have a router/nat linux box. I managed to create some HTB classes and
> everything is OK.
> When people are using download managers like FlashGet and DAP (multiple
> connection ones), the ceil limiting works okay,
> but the rate parameter is somehow useless... The guaranteed bandwidth is
> never reached.
> So what can I do to limit the number of connections/computer?
> I want to make sure that they do not use more than one connection for
> the download manager.
> Thanks in advance

Actually this is not a Bandwidth Limiter task, this could be handled by your proxy, like Squid. Check the configuration and enable the maxconn ACL for file types: .exe .tar.gz .zip .iso .. etc ..

- Rio.Martin -

Hello Rio,

Tuesday, September 23, 2003, 5:42:03 AM, you wrote:

Or you can use patch-o-matic connlimit + MARK.

"
This adds CONFIG_IP_NF_MATCH_CONNLIMIT match allows you to restrict the
number of parallel TCP connections to a server per client IP address
(or address block).

Examples:

# allow 2 telnet connections per client host
iptables -p tcp --syn --dport 23 -m connlimit --connlimit-above 2 -j REJECT
"

But I am not sure it is a performant solution.

RM> On Monday 22 September 2003 21:21, Mihai Vlad wrote:
>> Hello again,
>> I have a router/nat linux box. I managed to create some HTB classes and
>> everything is OK.
>> When people are using download managers like FlashGet and DAP (multiple
>> connection ones), the ceil limiting works okay,
>> but the rate parameter is somehow useless... The guaranteed bandwidth is
>> never reached.
>> So what can I do to limit the number of connections/computer?
>> I want to make sure that they do not use more than one connection for
>> the download manager.
>> Thanks in advance

RM> Actually this is not a Bandwidth Limiter task,
RM> this could be handled by your proxy, like Squid. Check the configuration
RM> and enable the maxconn ACL for file types: .exe .tar.gz .zip .iso .. etc ..

RM> - Rio.Martin -

--
Best regards,
 Denis  mailto:admin@ams-sat.com
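
A simplified model of the `--connlimit-above` decision quoted in the message above, added as an illustration; it is not code from this thread or from netfilter. The function names and sample addresses are constructed, connections are assumed never to close, and `mask` stands for the "address block" case.

```python
import ipaddress

def client_key(ip, mask=32):
    """Network a source address is counted under (mask 32 = one host)."""
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)

def connlimit_above(tracked, src_ip, above, mask=32):
    """True when the new connection would put src's group above the limit.

    tracked: source IPs of connections already accepted (model of conntrack).
    The new connection is counted too, so 'above 2' lets two through.
    """
    key = client_key(src_ip, mask)
    existing = sum(1 for ip in tracked if ipaddress.ip_address(ip) in key)
    return existing + 1 > above

def run(syns, above, mask=32):
    """Feed SYNs (by source IP) through the rule; rejected ones are not tracked."""
    tracked, verdicts = [], []
    for src in syns:
        if connlimit_above(tracked, src, above, mask):
            verdicts.append((src, "REJECT"))
        else:
            tracked.append(src)
            verdicts.append((src, "ACCEPT"))
    return verdicts

# Constructed sample: one host opening four parallel connections (as a
# multi-connection download manager does), then a second host opening one.
SYNS = ["192.168.1.10"] * 4 + ["192.168.1.11"]

if __name__ == "__main__":
    for mask in (32, 24):
        print(f"mask /{mask}:")
        for src, verdict in run(SYNS, above=2, mask=mask):
            print(f"  {src:<14} {verdict}")
```

With a /32 mask the second host is unaffected by the first host's connections; with a /24 mask both hosts share one budget, so the second host is rejected as well.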

On Tuesday 23 September 2003 12:51, nuclearcat@nuclearcat.com wrote:
> Hello Rio,
> Tuesday, September 23, 2003, 5:42:03 AM, you wrote:
> Or you can use patch-o-matic connlimit + MARK.
> This adds CONFIG_IP_NF_MATCH_CONNLIMIT match allows you to restrict the
> number of parallel TCP connections to a server per client IP address
> (or address block).

Yes, this is good, but I haven't tried iptables patch-o-matic before..
Could you forward me the documentation guide for installing iptables patch-o-matic?

- Rio.Martin -

On 23-Sep-2003, Rio Martin wrote:
> On Tuesday 23 September 2003 12:51, nuclearcat@nuclearcat.com wrote:
> > Hello Rio,
> > Tuesday, September 23, 2003, 5:42:03 AM, you wrote:
> > Or you can use patch-o-matic connlimit + MARK.
> > This adds CONFIG_IP_NF_MATCH_CONNLIMIT match allows you to restrict the
> > number of parallel TCP connections to a server per client IP address
> > (or address block).
>
> Yes, this is good, but I haven't tried iptables patch-o-matic before..
> Could you forward me the documentation guide for installing iptables
> patch-o-matic?

I think what Rio asked you to do is to forward the documentation guide of patch-o-matic to the list, since me and probably some of the other listers also want to make some tries on it.

TIA
aqil